Ensure there is no policy with invalid principal format for AWS Key Management Service (KMS)

LOW

Description

Setting a Principal in a key policy grants the specified users, accounts, or services access to the key. For more information on how to properly assign a Principal within a KMS key policy, see the AWS documentation.
References:
https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the KMS Console.
  2. Under Customer managed keys, choose the key you wish to edit.
  3. Under Key policy, choose Switch to policy view, then select edit.
  4. Configure the policy accordingly.
  5. Select Save changes.

In Terraform -

  1. In the aws_kms_key resource, set the policy argument to a key policy whose Principal elements are properly defined.
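
A check that flags malformed Principal elements in a key policy document before it is applied, as an added example that is not part of this rule page or the product behind it. The accepted forms are an assumption drawn from the AWS key-policy documentation and cover the common shapes, not every form AWS accepts; the sample policy is constructed.

```python
import json
import re

# Accepted principal forms (assumption from the AWS key-policy docs: common shapes, not exhaustive).
ACCOUNT_ID = re.compile(r"^\d{12}$")
IAM_ARN = re.compile(r"^arn:aws[a-z-]*:(iam|sts)::\d{12}:(root|(user|role|assumed-role|federated-user)/\S+)$")
VALIDATORS = {
    "AWS": lambda v: v == "*" or bool(ACCOUNT_ID.match(v) or IAM_ARN.match(v)),
    "Service": re.compile(r"^[a-z0-9.-]+\.amazonaws\.com(\.cn)?$").match,
    "Federated": re.compile(r"^(arn:aws[a-z-]*:iam::\d{12}:(saml|oidc)-provider/\S+|[a-z0-9.-]+\.[a-z]+)$").match,
    "CanonicalUser": re.compile(r"^[0-9a-f]{64}$").match,
}

def invalid_principals(policy_json):
    """Return '<Sid>: <problem>' for every statement whose Principal is missing or malformed."""
    problems = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be written without the list
        statements = [statements]
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"Statement[{i}]")
        principal = stmt.get("Principal")
        if principal is None:
            problems.append(f"{sid}: no Principal element (required in a key policy)")
        elif principal == "*":
            continue  # the only bare-string form that is valid
        elif not isinstance(principal, dict):
            problems.append(f"{sid}: Principal must be '*' or an object, got {principal!r}")
        else:
            for kind, values in principal.items():
                check = VALIDATORS.get(kind, lambda v: False)  # unknown type: every value is invalid
                for v in values if isinstance(values, list) else [values]:
                    if not (isinstance(v, str) and check(v)):
                        problems.append(f"{sid}: invalid {kind} principal {v!r}")
    return problems

# Constructed sample key policy: the first three statements are well-formed, the last two are not.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "EnableRoot", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    {"Sid": "KeyAdmins", "Effect": "Allow", "Action": ["kms:Create*", "kms:Describe*"], "Resource": "*",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:role/KeyAdmin"]}},
    {"Sid": "CloudWatchLogs", "Effect": "Allow", "Action": ["kms:Encrypt*", "kms:Decrypt*"], "Resource": "*",
     "Principal": {"Service": "logs.us-east-1.amazonaws.com"}},
    {"Sid": "BareArn", "Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*",
     "Principal": "arn:aws:iam::111122223333:user/alice"},  # must be wrapped as {"AWS": ...}
    {"Sid": "ShortAccountId", "Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*",
     "Principal": {"AWS": "11112222333"}},  # 11 digits, not a 12-digit account ID
]})
```

Feed it the policy string you are about to put in the Terraform policy argument (or the output of `aws kms get-key-policy` for an existing key) and fix any statement it reports.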

References:
https://docs.aws.amazon.com/kms/latest/developerguide/security-iam.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key

Policy Details

Rule Reference ID: AC_AWS_0479
CSP: AWS
Remediation Available: Yes
Resource: aws_kms_key
Resource Category: Management

Frameworks